
Thread: Are any of these bad?

  1. #1
    Junior Member
    Join Date
    Apr 2015
    Posts
    2

    Are any of these bad?

    This is my first run of RootAlyzer and if I search for every one of these it'll be next week until I'm done. The one that I'm most concerned about is the Kaspersky entry which Mozilla says may be interfering with Firefox's use of SSLs. Could you tell me which, if any, of these should be removed?

    // info: Rootkit removal help file
    // copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\Temp\61a71a1a-1ccc-49ca-97f5-94bcd213b62f:$WIMMOUNTDATA:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Pictures:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Public:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Pictures\Camera Roll:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Pictures\Camera Roll\IFPRTOGO - WIN_20140103_003305.JPG:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\150320.1.log:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\150403 firefox.txt:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\by release date.m3u:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\Emma's #10 birthday.pub.pdf:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20140320_195947.JPG:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20140322_122258.JPG:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20150113_170117.JPG:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20150113_170154.JPG:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20150113_200517.JPG:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Alan\Pictures\2013\unsorted\WIN_20140103_003305.JPG:ms-properties:$DATA"
    File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\PrintsService"
    File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\Profiles"
    File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\Project Templates"
    File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\Sample Delay"
    File:"No admin in ACL","C:\ProgramData\PKP_DLeo.DAT"
    File:"No admin in ACL","C:\ProgramData\PKP_DLes.DAT"
    File:"No admin in ACL","C:\ProgramData\PKP_DLet.DAT"
    File:"No admin in ACL","C:\ProgramData\PKP_DLev.DAT"
    File:"No admin in ACL","C:\ProgramData\Radio Sounds"
    File:"No admin in ACL","C:\ProgramData\Receipts"
    File:"No admin in ACL","C:\ProgramData\Repeat Routines"
    File:"No admin in ACL","C:\ProgramData\Sci-Fi"
    File:"No admin in ACL","C:\ProgramData\Screen Savers"
    File:"No admin in ACL","C:\ProgramData\Services"
    File:"No admin in ACL","C:\ProgramData\SupportPrinters"
    File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configek.stn"
    File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configel.stn"
    File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configen.stn"
    File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configew.stn"
    File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices"
    File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\cabundle.crt"
    File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\controldata_145.bin"
    File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\usagestatdata_145.bin"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 12\OnlineServices"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 12\OnlineServices\cabundle.crt"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 11\OnlineServices"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 11\OnlineServices\cabundle.crt"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices"
    File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP15.0.2\Report:kisextended:$DATA"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdu.xxb"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdv.xxb"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdx.xxb"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxeg.xxb"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello alanevil,

    Most appear to be hidden Program Data files. In general, all items found by the RootAlyzer are not necessarily malicious, but it shows items it believes to be out of the ordinary and may give a hint for an infection.

    Sometimes even legitimate software uses rootkit technologies. How is the computer running, any particular reason you ran a rootkit scan?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
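
An added example (not part of the original posts and not Safer-Networking's code): a log of this length is quicker to review once it is collapsed to its distinct stream names and locations. The sketch below parses the result-line format shown in post #1; the function names and the choice to group ACL findings by parent folder or registry key are assumptions made here.

```python
import csv
import ntpath
from collections import Counter

# Excerpt of the log in post #1; the full log can be pasted in its place.
SAMPLE = r'''// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","C:\Users\Alan\SkyDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP15.0.2\Report:kisextended:$DATA"
File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\ProgramData\PKP_DLeo.DAT"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
'''

def parse(log_text):
    """Yield (kind, finding, fields) per result line; skip comments and headers."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("//", "::")):
            continue
        kind, sep, rest = line.partition(":")
        if not sep or not rest.startswith('"'):
            continue  # not in the Kind:"finding","..." shape
        fields = next(csv.reader([rest]))  # backslashes stay literal
        yield kind, fields[0], fields[1:]

def summarize(log_text):
    """Count findings per ADS stream name and per ACL location."""
    streams, acl = Counter(), Counter()
    for kind, finding, fields in parse(log_text):
        if finding == "Unknown ADS":
            # host path : stream name : stream type, split from the right
            # so the drive-letter colon stays with the host path
            parts = fields[0].rsplit(":", 2)
            ok = len(parts) == 3 and parts[2].startswith("$")
            streams[parts[1] if ok else "(unparsed)"] += 1
        elif kind == "File":
            acl[ntpath.dirname(fields[0])] += 1   # group by parent folder
        elif len(fields) >= 2:
            acl[fields[0] + fields[1]] += 1       # hive + key path
    return streams, acl

if __name__ == "__main__":
    streams, acl = summarize(SAMPLE)
    for name, n in streams.most_common():
        print(f"ADS stream {name!r}: {n} file(s)")
    for place, n in acl.most_common():
        print(f"No admin in ACL under {place}: {n}")
```

Each distinct stream name or folder then needs looking up once rather than once per file.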

  3. #3
    Junior Member
    Join Date
    Apr 2015
    Posts
    2


    Quote: Originally Posted by tashi
    Hello alanevil,

    Most appear to be hidden Program Data files. In general, all items found by the RootAlyzer are not necessarily malicious, but it shows items it believes to be out of the ordinary and may give a hint for an infection.

    Sometimes even legitimate software uses rootkit technologies. How is the computer running, any particular reason you ran a rootkit scan?

    Best regards.
    I have been having increasing issues with Firefox since I was attacked with Optimizer Pro (bastards!) a few weeks ago. Multiple Spybot scans combined with adaware, Kaspersky (which I uninstalled after running two scans), two other rootkit detectors (I didn't even know this was part of Spybot and took me a while to realize it was hidden in the Advanced area), and Housecall finally cleaned the system and nothing has shown up since but Firefox has gotten slower and slower. Mozilla suggested that Kaspersky may have left something behind that interferes with SSL after I "refreshed" Firefox. I have also been unable to re-install iTunes since an update last year. Of course Apple's only advice is that I re-install my OS. That ain't gonna happen.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hi alanevil,

    Quote: Originally Posted by alanevil
    I have been having increasing issues with Firefox since I was attacked with Optimizer Pro (bastards!) a few weeks ago. Multiple Spybot scans combined with adaware, Kaspersky (which I uninstalled after running two scans), two other rootkit detectors (I didn't even know this was part of Spybot and took me a while to realize it was hidden in the Advanced area), and Housecall finally cleaned the system and nothing has shown up since but Firefox has gotten slower and slower. Mozilla suggested that Kaspersky may have left something behind that interferes with SSL after I "refreshed" Firefox. I have also been unable to re-install iTunes since an update last year. Of course Apple's only advice is that I re-install my OS. That ain't gonna happen.
    Someone could take a look at the system if you'd like.

    If so please start a topic in the Malware Removal Forum and a volunteer analyst will advise.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
